MdeModulePkg/dec: add PcdImageProtectionPolicy.

Add PCD for image protection policy.

Cc: Star Zeng <star.zeng@intel.com>
Cc: Feng Tian <feng.tian@intel.com>
Cc: Michael Kinney <michael.d.kinney@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.0
Signed-off-by: Jiewen Yao <jiewen.yao@intel.com>
Reviewed-by: Jeff Fan <jeff.fan@intel.com>
Tested-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>

diff --git a/MdeModulePkg/MdeModulePkg.dec b/MdeModulePkg/MdeModulePkg.dec
index c95633c11758663f1b66416b9bcc14dd766081de..9b7fb6356dd4029cfe62bb92b1026e8e3ccd82b0 100644 (file)
--- a/MdeModulePkg/MdeModulePkg.dec
+++ b/MdeModulePkg/MdeModulePkg.dec
@@ -1088,6 +1088,16 @@
   # @Prompt Memory profile driver path.\r
   gEfiMdeModulePkgTokenSpaceGuid.PcdMemoryProfileDriverPath|{0x0}|VOID*|0x00001043\r
 \r
+  ## Set image protection policy. The policy is bitwise.\r
+  #  If a bit is set, the image will be protected by DxeCore if it is aligned.\r
+  #   The code section becomes read-only, and the data section becomes non-executable.\r
+  #  If a bit is clear, the image will not be protected.<BR><BR>\r
+  #    BIT0       - Image from unknown device. <BR>\r
+  #    BIT1       - Image from firmware volume.<BR>\r
+  # @Prompt Set image protection policy.\r
+  # @ValidRange 0x80000002 | 0x00000000 - 0x0000001F\r
+  gEfiMdeModulePkgTokenSpaceGuid.PcdImageProtectionPolicy|0x00000002|UINT32|0x00001047\r
+\r
   ## PCI Serial Device Info. It is an array of Device, Function, and Power Management\r
   #  information that describes the path that contains zero or more PCI to PCI briges\r
   #  followed by a PCI serial device.  Each array entry is 4-bytes in length.  The\r